How To Create Enable Permissions and Run a Multi-Line PowerShell Script

This topic explains how to enable scripting in Windows PowerShell, which script extensions are used in Windows PowerShell, how to enable running PowerShell scripts, how to create a script and how run a script.

Enabling Windows PowerShell Scripts to Run

When you start Windows PowerShell on a computer, the default security policy does not allow you to run scripts. The Windows PowerShell security policy for scripting is called an execution policy. The execution policy lets you determine whether scripts can run in your environment and whether they must include a digital signature. None of the execution policies in Windows PowerShell allow you to run a script by double-clicking its icon because that is a high-risk method of running a script.

The following execution policies govern scripting in Windows PowerShell:

Restricted. Permits interactive commands only (no scripts). This is the default.

AllSigned. Permits scripts, but requires a digital signature from a trusted publisher for all scripts and configuration files, including scripts that you write on the local computer.

RemoteSigned. Permits scripts, but requires a digital signature from a trusted publisher for all scripts and configuration files that are downloaded from the Internet, including e-mail. A digital signature is not required for scripts that you create on the local computer.

Unrestricted. Permits scripts, including unsigned scripts.

Because the default Windows PowerShell execution policy is Restricted, you cannot run Windows PowerShell scripts until you change to a less restrictive execution policy. The following table lists Windows PowerShell Help topics that explain what you need to know about Windows PowerShell execution policies and how to change your policy so that you can run scripts.

Microsoft.EnterpriseManagement.OperationsManager.ClientShell.Console.psc1 is the Windows PowerShell console file for Microsoft System Center Operations Manager.

For more information about Windows PowerShell console files, type Get-Help Export-Console at the command prompt.

Windows PowerShell format and type definitions

.ps1xml

A type of script file that provides a mechanism for extending the Microsoft .NET Framework type system. These script files are in the Windows PowerShell home directory (<C>:\WINDOWS\SysWOW64\Windowspowershell\v1.0), For more information, type Get-Help about_Types at the command prompt.

Creating a PowerShell Script

A PowerShell script is nothing more than a TEXT file. You can create it with notepad or any other text editor. When you save it give it a .PS1 extension. If you have extensions hidden, you will need to select file type All Files (*.*)

Running a Windows PowerShell Script

When you run a Windows PowerShell script, you must always indicate the full path with the name of the script even if you are working in the directory in which the script is located. If the script needs (or powershell command window) needs elevated permissions to do a task you will get an error if you have not run the PowerShell window using elevated permissions. See How to Run Any Program Including PowerShell with Elevated Privileges (aka Administrator Permissions). You can use the following methods to run a Windows PowerShell script:

Use the dot and the backslash (.\) to indicate the local directory. For example:

.\ <ScriptName>.ps1

Specify the full path of the script. For example:

C:\Scripts\<ScriptName>.ps1

Specify the path of the script, but omit the extension. For example:

C:\Scripts\<ScriptName>

Use the Invoke-Expression cmdlet to run a script. For example:

Invoke-Expression C:\Scripts\<ScriptName>.ps1

Use double quotation marks for any paths that include spaces. For example:

Invoke-Expression "C:\My Scripts\<ScriptName>.ps1"

Use the ampersand to run a script. For example:

& C:\Scripts\<ScriptName>.ps1

Enable Policy to Allow Scripts To Run – Set ExecutionPolicy

In order to run a script, you have to allow that script to run. I will do this by setting my execution policy to RemoteSigned.

RemoteSigned - Scripts can run. - Requires a digital signature from a trusted publisher on scripts and configuration files that are downloaded from the Internet (including e-mail and instant messaging programs). - Does not require digital signatures on scripts that you have run and that you have written on the local computer (not downloaded from the Internet). - Risks running unsigned scripts from sources other than the Internet and signed, but malicious, scripts. See http://technet.microsoft.com/en-us/library/dd347641.aspx for more detail.

You can change the policy by issuing the PowerShell command. But that does not work. It does not work because you likely do not have the rights to change this setting. However, when you run the command you do get a pretty detailed error message.

Set-ExecutionPolicy RemoteSigned

NOTE: if you try to set the ExecutionPolicy from a PowerShell window (even if it has elevated privileges) you will get a message similar to: